Google Admin Configuration Settings for BullPhish ID to Ensure Phishing Simulation E-mail Template Delivery

You must take several steps to deliver BullPhish ID email templates successfully. This is a direct result of Google's competency at pre-filtering, quarantining, flagging, and notifying end users of potentially malicious activities in their inboxes. This is great for your organization but can also make things tedious when trying to deploy tools designed to simulate malicious activity for your employees.

The following guide ensures you take the necessary steps to successfully deliver BullPhish ID emails based on standard Google Admin configurations. As a note, this is in addition to the safelist if you have third-party spam filters deployed in your environment.

A. Setting the BullPhish ID IP Address as an Inbound Gateway

Configuring an email allowlist

1. Log into the admin console for your G-Suite account.
2. In the navigation menu, select Apps > Google Workspace > Gmail.
   
3. Scroll down and click Spam, Phishing, and Malware.
   
   
4. In the Email Allowlist section, hover in the upper-right corner and click the edit icon.
   
5. Copy the following IP addresses all at once (each must be separated by a comma).
   168.245.13.192, 34.237.252.20
   Note: 168.245.13.192 is needed only if you are using Dark Web ID as well as BullPhish ID.
6. In the Enter the IP addresses for your email allowlist field, paste the IP addresses.
   
7. Click Save.

Configuring spam filters

1. Scroll to the Spam section and click Configure.
   
2. In the Add setting modal, in the required description field, enter a description, for example BullPhish ID.
   
3. In the Options to bypass filters and warning banners section, verify the check boxes are selected for the following:
   • Bypass spam filters for internal senders.
   • Bypass spam filters for messages from senders or domains in selected lists.
     
4. For the Bypass spam filters for messages from senders or domains in selected lists option, click Create or edit list.
   
   
5. In the Manage address lists card, click Add Address List.
   
6. In the Name field, enter a name for the list (e.g., BullPhish ID).
   
7. Click Bulk Add Addresses.
   
   
8. Download the list of available sending domains that you can use in your training and phishing campaigns. 
   a. In BullPhish ID, in the navigation menu, select Settings > Sending Domains.
   
   b. In the upper-right corner, click Export Sending Domains.
   
   c. Download the Sending_Domains.csv file to the desired location.
9. Open the Sending_Domains.csv file in a text editor.  
   
10. Edit the file:
    • Delete "Sending Domain", Status
    • Delete all occurrences of Verified
      
      Only the sending domains should remain, each separated by a comma (Do not include a comma after the last domain).
      
      
11. Copy all of the sending domains at once.
12. In the Email address or domain name field, past the sending domains. Leave Require sender authentication selected.
    
13. Click Add.
    
    
    The domains are listed and enabled in the Add address list modal.
    
14. In the lower-right corner, click Save. The list you created is added to the Manage address lists table.
    
15. In your browser, click the Spam, phishing, malware tab to navigate back to the Add setting modal.
    
16. Under the Bypass spam filters for messages from senders or domains in selected lists option, click Use existing list.
    
17. In the Select Address Lists modal, select the check box for your list.
    
18. Click the X to close the modal. The list is added under the Bypass spam filters for messages from senders or domains in selected lists option.
    
19.  In the lower-right corner, click Save.

Configuring email gateways

If you use email gateways, follow these steps to improve spam handling.

1. In the Inbound gateway section, hover in the right corner and click the edit icon.
   
2. Select Enable.
3. In the Gateway IPs step, click Add.
   
4. Copy the first IP address (don't copy the IP address description):
   • 168.245.13.192 (SendGrid IP - Needed for sending notification emails but only if you are using Dark Web ID as well as BullPhish ID)
   • 34.237.252.20 (SMTP Server IP- Where we send Phishing & Training Emails from)
5. In the Add IP Address/Range modal, paste the IP address.
   
   
   
6. Click Save. The IP address is listed in the Gateway IPs table. 
7. Click Add.
   
   
   
8. Repeat steps 4 through 7 for the 34.237.252.20 IP address. 
   
   
9. Clear the Reject all mail not from gateway IPs check box.
   
10. In the Message Tagging section, select Message is considered spam if the following header regexp matches.
    
11. Copy the following text: skjdlaklsioudulekkda
12. In the Regexp field, paste the copied text.
     
13. Select the Disable Gmail Spam Evaluation on mail from this gateway; only use header value check box.
    
14.  In the lower-right corner, click Save.
    

B. Configuring an image URL proxy safelist

When your users open email messages, Gmail uses Google's secure proxy servers to serve images that might be included in these messages. It protects your users and domain against image-based security vulnerabilities and hides the IP address and User-Agent header. We have to safelist our domains to have proper E-mail Opened status tracking and information about IP address and User-Agent.

Configure the Image URL proxy safelist setting:

1. Log in to your Google Admin console.
2. In the navigation menu, select Apps > Google Workspace > Gmail.
3. Scroll down and click End User Access.
   
   
4. In the Organizational Units list, select your top-level organization.
   
5. In the End User Access card, in the Image URL proxy allowlist section, hover in the right corner and click the edit icon.
   
6. Copy the following URLs all at once.
   
   service-noreply.info/
   bpidtr.com/
   
   
7. In the Enter image URL patterns field, paste the URLs. Make sure each appears on its own line.
   
8. In the bottom-right corner, click Save. Changes may take up to 24 hours to propagate to all users.

C. Allow listing BullPhish ID by E-mail Header

In addition to setting BullPhish ID IP Addresses as inbound gateways, end users may still experience the following warning in their inboxes:

To address this issue, follow these steps:

1. Select Apps > Google Workspace > Gmail.
2. Scroll down and click Routing.
   
3. For the Routing setting, click Configure.
   
4. In the Add setting modal, in the Routing field, enter BullPhish ID.
5. In 1. Email messages to affect, select Inbound.
   
6. In 2. For the above types of messages, do the following, leave Modify message selected.
7. In the Headers section, select Add custom headers.
8. In the Custom Headers section, click Add.
   
9. In the Add Setting modal:
   • X-Header key: enter Mailer
   • Header value: enter Bullphish
   • Click Save.
     
     
10. Under Spam, select Bypass spam filter for this message.
    
11. At the bottom of modal, click Show options.
    
12. Under section A. Address lists, select Use address lists to bypass or control the application of this setting and then select the Only apply this setting for specific addresses/domains.
    
13. Click Use existing list.
    
14. Select your list.
    
15. Click the X to close the modal.
16. In the lower-right corner of the Add setting modal, click Save.

© Copyright

All rights reserved. No part of this document may be reprinted or reproduced, or utilized in any form or by any electronic, mechanical, or other means, now known or invented, including photocopying and recording or in any information storage or retrieval system without1w4ritten permission from the publishers.